A computer worm is currently in the wild that is attacking unpatched WordPress blogs. Unpatched meaning blogs that have not been updated by their administrators to the latest version of the popular blogging software.
The worm exploits a known security vulnerability in older versions of WordPress to create a user account, make some changes to the WordPress installation and to the permalink structure of the blog. Since it makes public changes to the site, it is easy enough to find out if a site has been successfully attacked by the worm.
All that needs to be done is to look at the urls of the blog. If there is more than there should be the blog has been most likely fallen pray to the worm.
According to Mashable there are two clues that your blog has been successfully attacked by the computer worm:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
Webmasters are asked to update their blogs to the latest version of WordPress immediately. Those that have been hit by the computer worm should backup all files, export their settings, and do a clean install of WordPress. More help is offered on the WordPress website which explains what needs to be done in case the blog has been hacked.
It's Sunday and it is time for a little rant. Webmasters who do not update their blogs as soon as a new version of their blogging software is released are acting stupid. A WordPress update usually takes less than ten minutes and ensures that the blog and server is protected from attacks like these.
Webmasters who do not have the time to perform these updates should consider switching to a hosted blogging platform like that at Blogger or WordPress.com. The automatic update option that has been introduced in recent WordPress versions makes it even easier to update the blog as soon as a new version is released. Webmasters who cannot do this should not operate a self hosted blog, period.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.